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REMARKS/ARGUMENTS 

Applicant has amended his claims to overcome the "indefiniteness" objections 
and rejections. Applicant has also added a new independent claim 154 that includes 
similar limitations to claim 1 but omits the "consisting essentially of language of the 
claim 1 claim preamble. Applicants request the Examiner to reconsider and allow this 
application in view of the proposed amendments and the following remarks. 

The Examiner withdew his previous rejection based on Bellovin, but now rejects 
all claims as "obvious" in view of Vanstone combined with Bellovin together or with Wu. 
However, as will be explained below, adding ideas to Vanstone from Bellovin has 
relatively limited effect. Applicant respectfully submits that the methods disclosed and 
claimed herein are more elegant, less computationally intensive, as secure or more so, 
and better suited to real-world mobile uses than the method disclosed by Vanstone 
(with or without Bellovin combinations). 

Vanstone's disclosed process involves two public-private key pairs, generation of 
three random numbers, two Diffie-Hellman calculations, two SHA hashes, and a digital 
signature . For example, Vanstone's rather complex and involved protocol appears to 
require the calling party (the client) to: 

• generate two random numbers, 

• store a public-private key pair on disk, 

• generate the Diffie-Helman values, 

• run a SHA hash, and 

• perform a digital signature. 



-5- 



1138870 



SIMMS 

Appl. No. 09/986,319 
January 4, 2007 

Such a method requires extensive processing to generate the hashes, the digital 
signature and the Diffie-Hellman values. It may also present a security risk since the 
public-private key pair is stored in a non-volatile, potentially accessible memory. 

By comparison, the exemplary illustrative non-limiting method disclosed in the 
present application requires generation of only two random numbers and one public- 
private key pair, encrypts all data across the wire (except the user ID in one exemplary 
illustrative non-limiting implementation), requires no pre-sharing or generation of values 
on the calling party, and has minimal computational impact on the calling party. Such 
features make it highly advantageous for mobile use. 

While the calling party does a huge amount of work in Vanstone, the calling party 
using the exemplary illustrative non-limiting techniques disclosed herein merely 
generates a random number, sends it to the called party after encrypting it with the 
public key received from the called party, and combines it with the second random 
number received from the called party to generate the shared secret key. This 
technique is simple, straightforward, secure, and has the potential of being lightning- 
fast. 

Applicant does not understand where the Examiner finds a motivation to combine 
Vanstone with Bellovin. The Examiner contends it would have been "obvious" to modify 
Vanstone to exchange the public key in an encrypted message instead of using the 
public key embedded in Read Only Memory (ROM) and/or obtaining the public key from 
a trusted third party server. However, it appears that each of Vanstone's 
"correspondents" needs to have its own PK key pair: 
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each of said correspondents C,S having a respective private 
l<ey e,d and a public key Qu and Qs 

See col. 1 lines 56-58 (emphasis added). The Examiner wants to modify Vanstone's 

system by having the correspondents share the same public key which they exchange 

between themselves. By making such a modification, however, it appears that 

Vanstone's system would lose the ability to perform other aspects of his method such 

as for example verifying digital signatures applied by particular devices based on 

access to a trusted centralized public key database. See e.g., col. 3, line 66 and 

following ("The hash h will then be used to verify the signature using the public key Qu 

recovered from the database. ") Accordingly, such a modification the Examiner is 

urging is not fairly suggested by the combination of references, and it appears that 

Vanstone actually teaches away. 

There are no passwords in Vanstone's system as required by dependent claim 6, 
but the Examiner further urges that Vanstone could be modified to use a password. 
However, because Vanstone's "IDu" is sent to the server in the final step, there is no 
opportunity for the server to identify the password associated with the calling party to 
make use of it. Accordingly, such combination is further lacking. Wu does not supply 
the missing teachings. 

All outstanding issues have been addressed and this application is in condition 
for allowance. Should any minor issues remain outstanding, the Examiner should 
contact the undersigned at the telephone number listed below so they can be resolved 
expeditiously without need of a further written action. 
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Respectfully submitted, 
NIXON & VANDERHYE P.C. 



By: /Robert W. Paris/ 

Robert W. Paris 
Reg. No. 31,352 

RWP:ejs 

901 North Glebe Road, 11th Ploor 
Arlington, VA 22203-1808 
Telephone: (703)816-4000 
Pacsimile: (703)816-4100 



